Cloud computing is becoming the primary platform for web applications and the online distribution of increasingly complex and sensitive data. For many companies, cloud computing contracts inadequately address privacy and security risks. It is imperative that if your business is entering into a contract with a cloud computing vendor, the contract clearly sets out liability clauses and mitigates unique risks that arise from this form of technology.

IT contracts for cloud services differ substantially from traditional contracting models. From a technical perspective, IT infrastructure capacity is highly elastic. Elasticity means cloud server capacity can be dynamically reconfigured to adjust to a variable load depending on how many users are accessing data. Accordingly, there is an elimination of an up-front commitment by clients as they often pay only for what they use, compared to traditional IT hosting. These characteristics highlight not only the illusion of infinite resources but also how the location of data processing is not always known, predetermined or agreed to contractually.

Dude, Where’s My Data?

The physical location of data, coupled with its virtual state in the cloud, raises several issues regarding the validity of cross-border contracts and data security. Unlike traditional IT contracts whereby the law governing the Service Level Agreement and the choice of court in dispute resolution is clear, cloud computing raises new challenges. Given the potential movement of data across multiple jurisdictions, and the consequential inconsistency of confidentiality protection in differing jurisdictions, a client may find that their data may not be entitled to the same protection as contractually obliged. It is imperative that each cloud computing contract is drafted specifically for the vendor and the client.  Vendors should offer comprehensive and unambiguous jurisdiction clauses, including a list of the regulations and statutes that govern the site where data is stored and how compliance is executed.  

As the processing of data in the cloud can take place across different servers in different countries, or in a shared-tenancy cloud-computing environment, privacy concerns are paramount. The Privacy Act 1988 (Cth),  USA PATRIOT Act and European Union Data Privacy Directive all vary in coverage and effect of data protection and privacy. For Australian cloud computing vendors, consideration of the Australian Privacy Principles (APPs) is also a requirement.

What Should I Look For In A Cloud Computing Contract?

If you are a client using cloud computing technology, you can minimise the risk of security breaches by conducting your due diligence procedures such as knowing where your data is stored, and ensuring protocols are implemented to monitor continuously vendors and how data is handled.

Most shrink-wrap and click-wrap agreements only allow clients to view the terms and conditions of the contract after purchase. As these contracts may involve limited liability clauses or vendor subcontracting agreements, clients are not often given an opportunity to negotiate their terms and to scrutinise the terms of their licenses closely. If you are considering entering a cloud computing contract, you should use your power to negotiate how your software is installed to comply with your requirements,  and how data is stored and processed.

Key Takeaways

The innovation of cloud computing presents unique complexities and legal implications. Cloud computing clients should carefully scrutinise their contract before signing to ensure they understand the location and method of data storage. Our IT lawyers can assist with drafting or reviewing cloud computing contracts.

Questions? Get in touch on 1300 544 755.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Anthony Lieu

Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at info@legalvision.com.au

View Privacy Policy